How PayPal works

[Brother]

Somehow it didn't work out for me with different payment systems, I know more of them in theory. Incl. PayPal. And I have a goal - how to deal with all of them. I decided to start with PayPal.

At its core, PayPal is a lot like a bank. And it works with the most common (non-cash) money, or, as is customary now to clarify, with fiat money. The fact is that there are payment systems that work with the so-called. title units (such is, for example, WebMoney), and there are those that work with the usual non-cash fiat money. So, PayPal is, in fact, just like a bank that provides special banking services. All those "goodies and goodies" for which PayPal is loved in the world are simply, relatively speaking, a special banking product.

I add "as if" and "conditionally" because in different countries this payment network does not have to have a "full-fledged bank". There is also some other tricky thing, which, for example, in Russian legislation is called "Non-Bank Credit Organization". Relatively speaking, this is a stripped-down bank. An NPO cannot give loans and keep deposits. In other words, an NPO cannot issue credit money .

But we, as usual, are not interested in legal and economic, but in technical subtleties. Therefore, further on about them.

From t.zr. Payer PayPal is like a Merchant, or, more precisely, a Vendor with a POS terminal. And for payments using plastic cards there is such an interesting thing as Recurrent Payments, or, in other words, "recurring payments". In this case, they are not entirely repetitive, but they use this very mechanism.

Why, actually?

Here's the thing. There is such a standard in the industry as PCI DSS (Payment Card Industry Data Security Standard). There are many smart and important things that strictly regulate security measures when handling payment card data. According to these requirements, for example, it is impossible to store PINs of cards in any form (even encrypted with terrible ciphers and signed with blood), it is impossible to store CVV along with the rest of the card data (PAN, cardholder name and expiration date) in certain cases, etc.

So, PayPal actually conducts card transactions, but you present the card to it only once. How so? It's not safe! This is partly true. It's just that PayPal uses that very specific operation - Recurrent Payment.

From t.zr. international payment systems (Visa, MasterCard etc) is a special type of payment. It is assumed, for example, that you regularly make payments to the same vendor (supplier of goods or services), the details are the same, only the details (for example, the amount) change. In a number of cases, it would be convenient for the user that the write-off would take place automatically, without active actions on his part. For example, utility bills. That is why they are called Recurrent, repeating. But for a full-fledged card transaction, you must either present a PIN or CVV, and the bank (financial institution) is bound by the PCI DSS standard and has no right to store such things. And PayPal is also a financial institution. And payments need to be made. What to do?

This is where Recurrent Payment works, when creating such a transaction, no PIN or CVV is required, nothing sensitive, except for the usual readily available card details. But this one differs from a normal transaction in that it has a recurring sign . In general, in theory, you still need a link to the original transaction (the one that seems to be "repeated"), but here it depends on the rules of each specific payment network. In most cases, there is no reference to the original transaction. Although, in some new technologies, for example, in the MIT visa (Merchant-Initiated Transactions), the link is required.

Well, since the operation is more dangerous than a regular transaction, it is much easier to object to it. This ease is needed to protect the user from possible abuse by unscrupulous sellers.

So PayPal works like this.

The first transaction is needed to register in the system, plus we check that the card is working (it was possible to withdraw money from it), plus we get the card data. And then all subsequent PayPal payments - "transfers" - are Recurrent Payments with a different amount, in favor of PayPal. And then - the usual banking business of transferring non-cash money, currency conversion, currency control, etc. PayPal has received money from your card and is already working with it in favor of third parties (transfers to the merchant's accounts).

This is true for individuals. And, in fact, legal entities simply open the most ordinary settlement accounts with PayPal and work to some extent, as if it were an ordinary bank (ordinary financial institution). By the way, according to my information, PayPal withdraws rubles from a PayPal account to accounts in Russian banks without commission.

Well, and, as far as I know, the "unused" money stored in PayPal accounts itself PayPal deposits in different partner banks in order to earn extra money. Actually, with the advent of 3D-Secure technology (I plan to tell you in the near future), PayPal has become, rather, just an ordinary convenient system, nothing remarkable in terms of security (as it was at the dawn of its development) does not differ from other systems. Yes, and she came to Russia fully by the time when everyone learned to do well without her. However, maybe I don’t know something? If so - write, we'll figure it out.